-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Malformed HTTP request causes connection drop #4543
Comments
I think you are looking for the
The server logs: |
oooo. Thanks. I went and looked this up in the docs and I found the definition of that event:
That's not a great definition - if someone could chuck some key words in there like 'malformed', 'bad request', 'invalid http' that would help people find the right event. Will also open an issue with connect and/or express, neither of which handle this. |
/cc @nodejs/http in case there's a better way to handle this and/or someone wants to dive in and expand the doc for the event a bit. |
/cc @nodejs/documentation too... |
Followup: so whilst it's possible to see an event when an invalid request is received, I still can't make the server respond with the correct HTTP response? |
The context for this is that HTTP clients representing middleboxes and proxies such as load balancers, CDNs and so on may interpret a prematurely closed connection from a backend as an indication that the backend is sick, rather than that their request was invalid. I still need a way to get Node to response with a |
Not a Node-land answer, but if you put nginx in front of your Node HTTP server, it will return |
Yes, I'd do that, but I'm using Heroku (which is obvs a common use case for Node/express), and Heroku router passed malformed requests on to the application to deal with, then throws a platform error if the app closes the connection prematurely, and issues a |
We could change the semantics of the |
It is very important to take in account that there is no pending request, because the data sent was invalid (be it one request, or several - we don't know for sure). |
Yea, if the client sends a request like the given malformed one, I don't think Node.js can be expected to even be able to construct a Now, the If there was at least a way to write user-land code in order to write raw data on the socket after a client error, that would get us into a position where a user can choose to do something different than the default behavior. |
Make default `clientError` behavior (close socket immediately) overridable. With this APIs it is possible to write a custom error handler, and to send, for example, a 400 HTTP response. http.createServer(...).on('clientError', function(err, socket) { socket.end('HTTP/1.1 400 Bad Request\r\n\r\n'); socket.destroy(); }); Fix: nodejs#4543
Proposed "fix" is there: #4557 |
Make default `clientError` behavior (close socket immediately) overridable. With this APIs it is possible to write a custom error handler, and to send, for example, a 400 HTTP response. http.createServer(...).on('clientError', function(err, socket) { socket.end('HTTP/1.1 400 Bad Request\r\n\r\n'); socket.destroy(); }); Fix: nodejs#4543 PR-URL: nodejs#4557 Reviewed-By: Brian White <mscdex@mscdex.net>
The default behavior before v6 is that you can only log and the http server itself handled destroying the socket for you. But now if you need to write code to handle <v6 and v6, do you need to check Something like:
What's the best way of doing this? |
@fastest963 It is impossible to write a reliable handler for clientError that returns a response in Node 4.x because the socket is destroyed by the time the event handler is called. https://github.com/nodejs/node/blob/v4.x/lib/_http_server.js#L385 The only thing to do if you care about this is to upgrade to 6.x or above. |
Node:
Telnet:
Expected: An error to be thrown or the request to be handled.
Actual: No error is thrown, the server callback is not invoked, and the connection is closed.
This seems to suggest to me that it is impossible for me to correctly handle malformed HTTP requests from my Node application. I would like to be able to return a valid HTTP 400 Bad Request response.
The text was updated successfully, but these errors were encountered: